Re: [Muscle] [LONG] Secure PIN management (reader with pinad)

Thu, 08 Apr 2004 09:25:52 -0700

Hi,

I like using the CTBCS through SCardControl. One thing that PC/SC 1 did not do was to handle pin pad readers.
This is one way in which pcsc-lite can handle the pin pad readers. Unfortunately, it does require the calling party to know some information about the reader. After looking through MSDN a bit I noticed a rarely used PC/SC function:

SCardGetAttrib

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/ security/security/scardgetattrib.asp

I suppose there could be some way to convey this capability through that function (which does not currently exist in pcsc-lite)

Dave




On Apr 8, 2004, at 8:35 AM, Ludovic Rousseau wrote:

Le Thursday 08 April 2004 � 12:57:06, med-i-bit a �crit:
Ludovic,

Thanks for your comment.

It turned out that German manufacturers of card readers had already done so for their Linux PC/SC drivers. For better or worse, what's being done is to just use SCardTransmit. And then let the IFD-Handler filter out the CT-BCS commands and handle these with the reader.

Do you know how the IFD-Handler differentiate an normal APDU from a CT-BCS
command?
The IFD-Handler detect the VERIFY command defined in ISO 7816-4 and
perform a special treatment instead?

This is certainly an arguable design decision. But, as there have been drivers deployed before using this scheme, we have decided to do the same thing in MacGiro. Currently, the cyberJack pinpad by Reiner SCT has a pcsc-lite driver for MacOS X that works together with MacGiro in this way. 

I don't know if I will follow this direction. It seems to be a serious
hack :-)

My proposal is not incompatible with the present situation. A driver
using the "old" scheme (CT-BCS command in SCardTransmit) could _also_
support the new one (SCardControl) without breaking any thing.


Anybody knows of another way to perform a "secure PIN management"? I can
easily imagine that every reader manufacturer has a different
(proprietary) solution.

Regards,

--
 Dr. Ludovic Rousseau                        [EMAIL PROTECTED]
 -- Normaliser Unix c'est comme pasteuriser le camembert, L.R. --
_______________________________________________
Muscle mailing list
[EMAIL PROTECTED]
http://lists.drizzle.com/mailman/listinfo/muscle



_______________________________________________
Muscle mailing list
[EMAIL PROTECTED]
http://lists.drizzle.com/mailman/listinfo/muscle

Reply via email to